

As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past months. In our first article, we discussed the growing pattern of targeted ransomware attacks where the primary infection stage is often an info-stealer kind of malware used to gain credentials/access to determine if the target would be valuable for a ransomware attack. In the second part, we described the reconnaissance phase of an attacker that controls an infected host or a valid account to access a remote service. Many of them are using a similar manual modus operandi as we highlighted in the earlier blogs.

We believe there is real opportunity to learn from incident response cases and previous attacks, hence why this blog is dubbed ‘tales from the trenches’. In collaboration with Northwave, this article describes a real-life case of a targeted ransomware attack. During one of their recent incident responses, Northwave encountered a relatively new family of ransomware called LockBit performing a targeted attack. First sighted in late 2019, under the name .abcd virus, this piece of ransomware was more a revision than evolution when compared with earlier attacks. Like the previous posts in this blog series, we describe the different stages of the attack and recovery, including a thorough analysis of the ransomware and the attackers behind it. We gathered telemetry through our McAfee Global Threat Intelligence (GTI) database on the different LockBit samples we analyzed in our research. The global spread is currently limited as this ransomware is relatively new and heavily targeted.

As in all ransomware cases, the attacker has to gain initial access to the network somehow. In this particular case the attacker performed a brute force attack on a web server containing an outdated VPN service. Based on our research it took several days for the brute force to crack the password of the ‘Administrator’ account. With this account, belonging to the administrator group, the attacker immediately obtained the proverbial “keys to the kingdom” with all the necessary permissions to perform a successful attack. Unfortunately, this is not a unique case; external-facing systems should always have multi-factor authentication enabled when possible. Besides, a security organization should have a least privilege strategy when it comes to accessing systems. Targeted ransomware attackers are successfully leveraging the “human factor” integrally.

It is no longer the typical “end-user clicking on a malicious link” causing the complete lock-up of a company. The human factor in targeted ransomware attacks goes much deeper. Attackers successfully leverage weaknesses in security policy and misconfigurations across an entire organization, from end-user to Domain Administrator. To infiltrate the network, the attacker had to take several steps to make sure the ransomware attack was successful.
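The days-long brute force against the exposed VPN service described above is the kind of low-and-slow pattern that per-hour lockout counters miss. The following detection is an added example, not code from the article, Northwave or McAfee; the log format, the seven-day window, the failure threshold and the sample log lines are all constructed assumptions.

```python
"""Flag a slow brute force against a VPN login that ends in a successful logon.

Added example, not part of the original article. Log format, thresholds and
sample lines are constructed assumptions, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a low-and-slow brute force spread over several days
# from one source against 'Administrator', ending in a successful login.
SAMPLE_LOG = """\
2020-02-01T02:10:00 vpn auth FAIL user=Administrator src=203.0.113.7
2020-02-01T09:42:00 vpn auth FAIL user=Administrator src=203.0.113.7
2020-02-02T01:05:00 vpn auth FAIL user=Administrator src=203.0.113.7
2020-02-02T14:20:00 vpn auth FAIL user=jdoe src=198.51.100.4
2020-02-03T03:30:00 vpn auth FAIL user=Administrator src=203.0.113.7
2020-02-03T22:15:00 vpn auth FAIL user=Administrator src=203.0.113.7
2020-02-04T06:01:00 vpn auth OK user=Administrator src=203.0.113.7
2020-02-04T08:00:00 vpn auth OK user=jdoe src=198.51.100.4
"""


def parse(line):
    """Parse one constructed log line into (timestamp, success, user, src)."""
    ts, _, _, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result == "OK",
            user.split("=", 1)[1], src.split("=", 1)[1])


def find_slow_bruteforce(log_text, window=timedelta(days=7), min_failures=5):
    """Return [(user, src, failure_count, success_ts)] for every (user, src)
    pair that accumulated at least `min_failures` failed logins inside
    `window` and then logged in successfully. A multi-day window is what
    catches an attacker who paces attempts below hourly lockout thresholds."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    fails = defaultdict(list)  # (user, src) -> timestamps of recent failures
    hits = []
    for ts, ok, user, src in events:
        key = (user, src)
        recent = [t for t in fails[key] if ts - t <= window]
        if ok:
            if len(recent) >= min_failures:
                hits.append((user, src, len(recent), ts))
            fails[key] = []  # a success resets the streak for this pair
        else:
            fails[key] = recent + [ts]
    return hits
```

The one hit on the sample is the Administrator account from the single source, with five failures before the success; a normal user with a single typo followed by a login is not reported.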
